Is there a technology that can survive the rubber hose attack?
: In the documentary film Citizenfour, Edward Snowden says about documents: I'm comfortable in my technical ability to protect [documents]. I mean you could literally shoot me or torture me and I could not disclose the password, even if I wanted to. I have the sophistication to do that.
What technology/methods exist that would enable the scenario Edward Snowden is referring to when he claims to be able to create a protected file where he cannot disclose the password?
I suspect that the most likely way that the rubber hose attack can be protected by following Bruce Schneier's advice regarding laptop security through airports: Step One: Before you board your plane, add another key to your whole-disk encryption (it'll probably mean adding another "user") -- and make it random. By "random," I mean really random: Pound the keyboard for a while, like a monkey trying to write Shakespeare. Don't make it memorable. Don't even try to memorise it. Technically, this key doesn't directly encrypt your hard drive. Instead, it encrypts the key that is used to encrypt your hard drive -- that's how the software allows multiple users. So now there are two different users named with two different keys: the one you normally use, and some random one you just invented.
Step Two: Send that new random key to someone you trust. Make sure the trusted recipient has it, and make sure it works. You won't be able to recover your hard drive without it.
Step Three: Burn, shred, delete or otherwise destroy all copies of that new random key. Forget it. If it was sufficiently random and non-memorable, this should be easy.
Step Four: Board your plane normally and use your computer for the whole flight.
Step Five: Before you land, delete the key you normally use.
At this point, you will not be able to boot your computer. The only key remaining is the one you forgot in Step Three. There's no need to lie to the customs official; you can even show him a copy of this article if he doesn't believe you. Step Six: When you're safely through customs, get that random key back from your confidant, boot your computer and re-add the key you normally use to access your hard drive.
And that's it. This is by no means a magic get-through-customs-easily card. Your computer might be impounded, and you might be taken to court and compelled to reveal who has the random key. To be even more secure, Snowden himself may not know who has the backup key--as the associate he gave it to may have passed it along elsewhere. Also, it is likely that the person that did receive the backup key from Snowden is in a different country than any likely attacker and is doing his or her best to stay very safe. In response to the below comment, I decided to add the following advice:
Create a dummy operating system that starts at the beginning of the laptop's hard drive. The encrypted operating system with sensitive information will be the following partition. Configure the laptop's bootloader to boot from the dummy operating system without your intervention. TrueCrypt had a similar hidden operating system feature where the TrueCrypt bootloader would accept two different passwords, giving access to two different operating systems. The hidden operating system was concealed with a bit of clever steganography. We can do something similar in Linux and LUKS, but without the steganography, by doing the following:
Installing Linux twice--on two partitions. Encrypting both of them with LUKS. Configuring the bootloader (probably GRUB2) to boot the first Linux installation, and remove the entries for the second installation. Whenever you want to boot your second, secret installation, boot your laptop and reach the GRUB screen. Modify the bootloader entry (temporarily) directly from the boot screen to point to the second partition. Step four is not very user friendly, and we could get rid of it and make a separate bootloader entry for our secret operating system, but then anybody that looked at the screen could tell that there are two operating systems on the machine. An investigator can still tell, but now they must look at the laptop's hard drive with a partition editing tool.